-------- Forwarded Message -------- Subject: [gamera-devel] Re: Bug#785548: gamera.plugins.png_support: heap-based buffer overflow Date: Wed, 20 May 2015 13:53:58 +0200 From: Christoph Dalitz [email protected] [gamera-devel] <[email protected]> Reply-To: [email protected] Organization: Hochschule Niederrhein To: Gamera List <[email protected]>
Dear Daniel, just for your information: the lead developer of libpng, Glenn Randers-Pehrson, has just sent me the following confirmation that this particular file still causes problems with the latest version of libpng: > I verified that the current head of libpng branches 12 through 17 all fail > to detect the end-of-file, reject the truncated bKGD chunk, but then continue > to process "crash.png" despite the fact that it contains no IDAT or IEND. On Linux, Gamera uses the libpng12 version that comes with the system, so an update of the libpng installation will then solve the issue. On OSX and Windows, a copy of libpng is shipped with Gamera, which I will replace, once a fix is available. Christoph
